package com.zzr.demo.springsecurity.six.controller;

import com.zzr.demo.springsecurity.six.entity.Users;
import lombok.extern.slf4j.Slf4j;
import org.springframework.security.access.annotation.Secured;
import org.springframework.security.access.prepost.PostAuthorize;
import org.springframework.security.access.prepost.PostFilter;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.access.prepost.PreFilter;
import org.springframework.web.bind.annotation.*;

import java.util.ArrayList;
import java.util.List;

/**
 * @author: xiaomi
 * @date: 2021/6/21
 * @description:
 */
@RestController
@RequestMapping("/test")
@Slf4j
public class TestController {

    @GetMapping("hello")
    public String add() {
        return "hello security";
    }

    @GetMapping("index")
    public String index() {
        return "hello index";
    }

    @GetMapping("test")
    public String test() {
        return "hello test";
    }


    @GetMapping("test2")
    public String test2() {
        return "hello test2";
    }


    @GetMapping("testRole")
    public String testRole() {
        return "hello testRole";
    }


    @GetMapping("testRoleDeveloper")
    public String testRoleDeveloper() {
        return "hello testRoleDeveloper";
    }


    /**
     * 测试注解权限
     * lucy 由于角色不对应，无法访问
     *
     * @return
     */
    @RequestMapping("testSecured")
    @ResponseBody
    @Secured({"ROLE_normal", "ROLE_admin"})
    public String helloUser() {
        return "hello,user";
    }

    /**
     * lucy 可以访问
     *
     * @return
     */
    @RequestMapping("testSecuredSale")
    @ResponseBody
    @Secured({"ROLE_normal", "ROLE_sale"})
    public String helloAdmins() {
        return "hello,sale";
    }

    /**
     * @return
     */
    @RequestMapping("testPreAuthorize")
    @ResponseBody
    @PreAuthorize("hasAnyAuthority('admins')")
//    @PreAuthorize("hasAnyAuthority('menu:system')")
    public String helloPreAuthorize() {
        return "hello,PreAuthorize";
    }

    /**
     * 测试 PostAuthorize
     *
     * @return
     */
    @RequestMapping("testPostAuthorize")
    @ResponseBody
    @PostAuthorize("hasAnyAuthority('menu:system')")
    public String helloPostAuthorize() {
        log.info("enter helloPostAuthorize...");
        return "hello,PostAuthorize";
    }

    /**
     * 测试 PostFilter
     * [{"id":1,"username":"admin1","password":"6666"}]
     *
     * @return
     */
    @RequestMapping("testPostFilter")
    @ResponseBody
    @PreAuthorize("hasAnyAuthority('admins')")
    @PostFilter("filterObject.username == 'admin1'")
    public List<Users> helloPostFilter() {
        ArrayList<Users> list = new ArrayList<>();
        list.add(new Users(1, "admin1", "6666"));
        list.add(new Users(2, "admin2", "888"));
        return list;
    }


    /**
     * 测试 PreFilter
     *
     * @return
     */
    @RequestMapping("testPreFilter")
    @ResponseBody
    @PreAuthorize("hasAnyAuthority('admins')")
    @PreFilter(value = "filterObject.id%2==0")
    public List<Users> helloPreFilter(@RequestBody List<Users>
                                              list) {
        list.forEach(t -> {
            System.out.println(t.getId() + "\t" + t.getUsername());
        });
        return list;
    }

}
